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DETAILED ACTION 

1 . This Action is in response to Amendment for Application Number 1 0/028,412 
received on 19 April 2005. 

2. Claims 1, 2, 4, 5, 7, 9-16, 18, 19, 21, 23-30, 32, 33, 35 and 37-49 are presented 
for examination. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1, 15, and 29 are rejected under 35 U.S.C. 112, second paragraph, as 

being indefinite for failing to particularly point out and distinctly claim the subject matter 

which applicant regards as the invention. 

3. Claims 1,15, and 29 recite the limitation "and operate substantially". It is unclear 
to Examiner what this means. 

4. Claims 1,15, and 29 recite the limitation "wherein the peer-to-peer network 
permits peers to connect substantially without a server by utilizing the server, at most, 
for providing addresses for the peers in the peer-to-peer network". It is unclear as to 
what is required by the server in this limitation. It is apparent that using the server for 
anything is an option. 

5. Claim 45 recites the limitation, "wherein a share configuration loop is executed to 
detect changes to shares and corresponding permissions, and take action as a function 
of a type of the changes". It is unclear to Examiner what "take action as a function of a 
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type of the changes" means. It is also unclear as to what is taking action. It is also 
unclear as to what action is taken. 

6. Claim 48 recites the limitation, "wherein the share configuration loop examines a 
current share configuration against a previously recorded share configuration". It is 
unclear why the configuration loop examines against a previously recorded share 
configuration. 



Examiner's Interpretation 

7. Before a detailed rejection, a brief interpretation of peer-to-peer networks should 
be discussed. A peer-to-peer network is a communications network in which each party 
has the same capabilities and either party can initiate a communication session. Peer- 
to-peer communication may be implemented in a client/server environment by giving 
each communication node, server and client, the same capabilities, meaning a client 
can be configured as a server and a server can be configured as a client, where traffic 
is running in both directions. Monitoring traffic on a peer-to-peer network is the same as 
monitoring traffic in both directions on any network. Also, at any one given time you 
have a client process and a server process, which makes it irrelevant to the type of 
network being used. To further support this interpretation, the Gnutella Protocol 
Specification vO.4 has been provided in the References Cited 892. The Gnutella 
Protocol Specification shows support that within a peer-to-peer network, every client is a 
server, and vice versa. These so-called Gnutella servents perform tasks normally 
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associated with both clients and servers. They provide client-side interfaces through 
which users can issue queries and view search results, while at the same time they also 
accept queries from other servants, check for matches against their local data set, and 
respond with applicable results. Gnutella, being a well known peer-to-peer network, 
shows that a peer-to-peer network is simply made up of clients and servers. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not Identically disclosed or described as set 
forth In section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 2, 5, 11, 15, 16, 19, 25, 29, 30, 33, 39 and 45-49 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Welch, Jr. et al. (U.S. Patent Number 

5,862,335) in view of Meadway et al. (U.S. Patent Number 6,675,205). 

8. Regarding claims 1,15, and 29, Welch disclosed a computerized method 
comprising: 

monitoring a peer-to-peer network for suspicious activity based on patterns of 
activity (Welch, col. 1, lines 45-55, col. 2, lines 35-43, col. 5, lines 55-67); and 

However, Welch does not explicitly state performing an action associated with a 
particular pattern when the particular pattern is detected in the peer-to-peer network; 
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wherein the peer-to-peer network permits peers to connect and operate 
substantially without a server by utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network; 

wherein a pattern of activity is defined in terms of a configuration of shared data 
on a peer, the configuration establishing a baseline of authorized shares and 
permissions in association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 
respect to the shared data on a peer in the peer-to-peer network, the change being 
made with respect to the baseline. 

In an analogous art, Meadway disclosed a peer-to-peer system in which a central 
site directs the peer systems to each other for file sharing (Meadway, col. 1 , lines 45- 
52), providing a way for peers to directly transfer the requested file without the need of 
the server (Meadway, col. 1, lines 63-65), with indexing occurring on the peer to monitor 
the changes made to the files that the peer is sharing, with the updates transmitted to 
the central service (Meadway, col. 2, lines 1-10). 

Therefore it would have been obvious to one in the ordinary skill in the art to 
incorporate the teachings of Meadway into Welch to provide increased monitoring 
functionality of the network by not only monitoring file transfers and logical connections 
in the network, but also maintaining an index of the contents of files that peers of the 
network are allowing to be shared from their systems (Meadway, col. 2, lines 10-20). 



Application/Control Number: 1 0/028.41 2 Page 6 

Art Unit: 2143 

Claims 15 and 29 include a computer-readable medium and system performing the 
same functionality as claim 1 and are therefore are rejected under the same prior art as 
being substantially similar. 

9. Regarding claims 2, 16, and 30, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29, including wherein 
monitoring a peer-to-peer network comprises: 

evaluating network traffic among peers in the peer-to-peer network (Welch, col. 
3, lines 25-30). 

10. Regarding claims 5, 19, and 33, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29, including wherein a 
pattern of activity is defined in terms of network traffic in the peer-to-peer network that 
uses a specific protocol (Welch, col. 3, lines 25-30, 45-50). 

1 1 . Regarding claims 1 1 , 25, and 39, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29, including wherein the 
patterns of activity are local to a peer in the peer-to-peer network (Welch, col. 10, lines 
5-10). 

12. Regarding claim 45, Welch and Meadway disclosed the limitations, substantially 
as claimed, as described in claims 1,15, and 29, including wherein a share 
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configuration loop is executed to detect changes to shares and corresponding 
permissions, and take action as a function of a type of the changes (Meadway, col, 2, 
lines 1-10). 

13. Regarding claim 46, Welch and Meadway disclosed the limitations, substantially 
as claimed, as described in claim 45 including wherein the share configuration loop is 
executed dynamically (Meadway, col. 2, lines 1-10). 

14. Regarding claim 47, Welch and Meadway disclosed the limitations, substantially 
as claimed, as described in claim 45 including wherein the share configuration loop is 
executed on a schedule (Meadway, col. 2, lines 1-10). 

15. Regarding claim 48, Welch and Meadway disclosed the limitations, substantially 
as claimed, as described in claim 45 including wherein the share configuration loop 
examines a current share configuration against a previously recorded share 
configuration (Meadway, col. 2, lines 1-10). 

16. Regarding claim 49, Welch and Meadway disclosed the limitations, substantially 
as claimed, as described in claim 45 including wherein, if the change includes an 
attempt to un-share a file or directory the action includes a log entry (Meadway, col. 2, 
lines 1-10, 35-41). 
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Claims 4, 7. 9, 10, 12-14.18, 21, 23, 24. 26-28. 32. 35. 37,38. and 40-44 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over Welch, Jr. et al. (U.S. 
Patent Number 5,862,335) in view of Meadway et al. (U.S. Patent Number 6,675,205) 
as applied to claims 1,15. and 29 above, and further in view of Conklin et al. (U.S. 
5,991,881). 

17. Regarding claims 4, 18, and 32, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1.15. and 29. Welch and Meadway did 
not explicitly state wherein a pattern of activity is defined in terms of a threshold value of 
network traffic in the peer-to-peer network. 

In an analogous art, Conklin disclosed a network surveillance system that 
includes checking patterns of activity in comparison to a series of predefined or learned 
patterns which are pre-stored or developed from data received from the network 
(Conklin, col. 4 line 45 through col. 5, linelO). 

Welch and Meadway together provide a system of monitoring peers and their 
activity in a peer-to-peer network. The teachings of Welch and Meadway suggest peer- 
to-peer networks that communicate using Transmission Control Protocol/Internet 
Protocol (Welch, col. 3, lines 45-67. Meadway. col. 3, lines 20-25). 

The teachings of Conklin provide a network surveillance designed and intended 
to operate compatibly on networks which communicate using the Transmission Control 
Protocol/Internet Protocol, TCP/IP (Conklin, col. 2, lines 60-67). 
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Therefore, it would have been obvious to one in the ordinary skill in the art at the 
time of the invention to incorporate the teachings of Conklin into the teachings of Welch 
and Meadway to identify unauthorized activities such as methods and systems used by 
hackers to intrude into the peer-to-peer network (Conklin, col. 1, lines 10-15). 

18. Regarding claims 7, 21, and 35, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29. Welch and Meadway did 
not explicitly state wherein a pattern of activity is defined in terms of network traffic in 
the peer-to-peer network having a foreign address. In an analogous art, Conklin 
disclosed an intrusion detection function which identifies the network traffic as 
reportable activity indicating source and destination of the packet (Conklin, coL 5, lines 
25-35). See motivation above. 

19. Regarding claims 9, 23, and 37, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29. Welch and Meadway did 
not explicitly state wherein the action comprises logging information about the particular 
pattern. In an analogous art, Conklin disclosed keeping a log file about the patterns of 
activity (Conklin, col. 5, lines 33-35). See motivation above. 

20. Regarding claims 10, 24, and 38, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29. Welch and Meadway did 
not explicitly state wherein the action comprises sending an alert about the particular 
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pattern. In an analogous art, Conklin disclosed sending out an alert when a pattern is 
detected (Conklin, col. 5, lines 30-33). See motivation above. 

21. Regarding claims 12, 26, and 40, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1,15, and 29. Welch and Meadway did 
not explicitly state wherein the patterns of activity are global to the peer-to-peer network. 
In an analogous art, Conklin disclosed the network surveillance system capturing traffic 
that is broadcast (Conklin, col. 2, lines 50-58). See motivation above. 

22. Regarding claims 13, 27, and 43, Welch and Meadway disclosed the limitations, 
substantially as claimed, as described in claims 1 , 15, and 29. Welch and Meadway did 
not explicitly state obtaining a set of rules specifying the patterns of activity and 
associated actions. In an analogous art, Conklin disclosed obtaining pre-stored 
patterns of activity in a database (Conklin, col. 4, lines 45-55). See motivation above. 

23. Regarding claims 14, 28, and 44, Welch, Meadway, and Conklin disclosed the 
limitations, substantially as claimed, as described in claims 13, 27, and 43, including 
refreshing the set of rules when the set of rules changes (Conklin, col. 4, lines 48-52). 

24. Regarding claim 41, Welch, Meadway, and Conklin disclosed the limitations, 
substantially as claimed, as described in claim 40, including wherein the system is a 
border firewall (Conklin, col. 4, lines 45-55). 
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25. Regarding claim 42, Welch, Meadway, and Conklin disclosed the limitations, 
substantially as claimed, as described in claim 40, including wherein the system is a 
domain name server (Meadway, col. 3, lines 20-25). 



Response to Amendment 

Applicant's arguments and amendments filed on 01 April 2005 have been carefully 
considered but they are not deemed fully persuasive. Applicant's arguments are 
deemed moot in view of the followirig new grounds of rejection as explained here below, 
necessitated by Applicant's substantial amendment (i.e., by incorporating new 
limitations into tlie independent claims, which require further search and consideration) 
to the claims which significantly affected the scope thereof. 

Applicant's arguments with respect to claims 1, 2, 4, 5, 7, 9-16, 18, 19, 21, 23-30, 
32, 33, 35 and 37-49 are deemed moot in view of the following new grounds of 
rejection, necessitated by Applicant's amendment to the claims, which significantly 
affected the scope thereof. 

As it is Applicant's right to continue to claim as broadly as possible their, 
invention, it is also the Examiner's right to continue to interpret the claim language as 
broadly as possible. It is the Examiner's position that the detailed functionality that 
allows for Applicant's invention to overcome the prior art used in the rejection, fails to 
differentiate in detail how these features are unique. By the rejection above, the 
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applicant must submit amendments to the claims in order to distinguish over the prior 
art use in the rejection that discloses different features of Applicant's claimed invention. 

It is the Examiner's position that Applicant has not yet submitted claims dl^awn to 
limitations, which define the operation and apparatus of Applicant's disclosed invention 
in mannei^, which distinguishes over the prior art. 

Failure for Applicant to significantly narrow definition/scope of the claims and 
supply arguments commensurate in scope with the claims implies the Applicant intends 
broad interpretation be given to the claims. The Examiner has interpreted the claims 
with scope parallel to the Applicant in the response and reiterates the need for the 
Applicant to more clearly and distinctly define the claimed invention. 



Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 
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In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to J. Bret Dennison whose telephone number is (571)272- 
3910. The examiner can normally be reached on M-F 8:30am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A Wiley can be reached on (703)308-5221 . The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
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published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-firee). 



J. B. D. 

Patent Examiner 
Art Unit 2143 




